[TT-16609], github actions keycloak fix

[andrei-tyk]

No description provided.

[probelabs]

This PR fixes an issue with the Keycloak integration in the api-tests GitHub Action by introducing two new environment variables.

Files Changed Analysis

• File: .github/actions/tests/api-tests/action.yaml
• Changes: 2 lines added.
• Summary: The change is isolated to the configuration of the api-tests action, adding two environment variables to the pytest.env file used during the test run.

Architecture & Impact Assessment

• What this PR accomplishes: It resolves a configuration issue in the CI pipeline, ensuring that API tests can reliably connect to the Keycloak service.
• Key technical changes introduced: Two environment variables are added:
  • TYK_TEST_KEYCLOAK_URL=http://localhost:8180
  • TYK_TEST_KEYCLOAK_INTERNAL_URL=http://keycloak:8080
• Affected system components: The change affects the continuous integration environment, specifically the api-tests GitHub Action. It has no impact on the production application code. The two distinct URLs suggest a containerized testing environment where services communicate via different hostnames depending on the context (from the host vs. from another container).

graph TD
    subgraph GitHub Actions CI Environment
        A[api-tests action] -- Uses internal URL --> B(Keycloak Service);
    end

Loading

Scope Discovery & Context Expansion

• The change is scoped to the test environment configuration. It implies that our API tests have a dependency on a running Keycloak instance for features related to authentication or authorization.
• To further understand the context, a reviewer could:
  1. Search the codebase for the usage of TYK_TEST_KEYCLOAK_URL and TYK_TEST_KEYCLOAK_INTERNAL_URL to see how they are consumed by the tests.
  2. Examine the CI workflow files to see how the Keycloak test service is set up.
  3. Refer to the Jira ticket TT-16609 for details on the original bug.

Metadata

• Review Effort: 1 / 5
• Primary Label: bug

---

Powered by Visor from Probelabs

Last updated: 2026-02-20T08:12:50.447Z | Triggered by: pr_opened | Commit: 7e24a67

💡 TIP: You can chat with Visor using /visor ask <your question>

[probelabs]

Security Issues (1)

Severity	Location	Issue
🟡 Warning	.github/actions/tests/api-tests/action.yaml:46-47	The Keycloak service URLs are configured using 'http', which results in unencrypted communication. Any authentication tokens or credentials exchanged during the test process will be transmitted in cleartext. This is an insecure practice, even in a test environment, as it exposes sensitive test data to potential interception. 💡 Suggestion Update the Keycloak URLs to use 'https' to ensure all communication with the identity provider is encrypted. This may require configuring the test Keycloak instance with a TLS certificate (e.g., self-signed) for the test environment.

✅ Architecture Check Passed

No architecture issues found – changes LGTM.

✅ Performance Check Passed

No performance issues found – changes LGTM.

✅ Quality Check Passed

No quality issues found – changes LGTM.

---

Powered by Visor from Probelabs

Last updated: 2026-02-20T08:12:53.808Z | Triggered by: pr_opened | Commit: 7e24a67

💡 TIP: You can chat with Visor using /visor ask <your question>